This is what I found in my DNS debug. scenewhores.com does not belong to us nor do we have anything to do with them or this kind of industry. From what I can tell they tried to use our DNS server to service this domain name?

datagram from [210.113.231.145].1668, fd 22, len 35
req: nlookup(v.scenewhores.com) id 53786 type=1 class=1
req: found 'v.scenewhores.com' as 'com' (cname=0)
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197248.000000000, inter 0.000000000)
forw: forw -> [198.41.0.4].53 ds=5 nsid=15407 id=53786 79ms retry 4sec
datagram from [198.41.0.4].53, fd 5, len 130
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15407
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; v.scenewhores.com, type = A, class = IN
SCENEWHORES.COM. 2D IN NS NS1.SUIDREWT.ORG.
SCENEWHORES.COM. 2D IN NS NS2.SUIDREWT.ORG.
NS1.SUIDREWT.ORG. 2D IN A 195.13.119.253
NS2.SUIDREWT.ORG. 2D IN A 195.13.119.254
resp: nlookup(v.scenewhores.com) qtype=1
resp: found 'v.scenewhores.com' as 'scenewhores.com' (cname=0)
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197248.000000000, inter 0.000000000)
sysquery: send -> [198.41.0.4].53 dfd=5 nsid=2176 id=0 retry=965197248
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197248.000000000, inter 0.000000000)
sysquery: send -> [198.41.0.4].53 dfd=5 nsid=25109 id=0 retry=965197248
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197248.000000000, inter 0.000000000)
datagram from [198.41.0.4].53, fd 5, len 180
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197248.000000000, inter 0.000000000)
datagram from [198.41.0.4].53, fd 5, len 180
datagram from [210.113.231.145].1668, fd 22, len 35
req: nlookup(v.scenewhores.com) id 53786 type=1 class=1
req: found 'v.scenewhores.com' as 'scenewhores.com' (cname=0)
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197253.000000000, inter 0.000000000)
forw: forw -> [195.13.119.253].53 ds=5 nsid=43213 id=53786 3ms retry 4sec
evSelectFD(ctx 0x80d2740, fd 7, mask 0x1, func 0x8086e98, uap 0x4013004c)
IP/TCP connection from [216.208.41.78].4355 (fd 7)
datagram from [195.13.119.253].53, fd 5, len 84
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43213
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; v.scenewhores.com, type = A, class = IN
v.scenewhores.com. 1W IN NS doh.scenewhores.com.
doh.scenewhores.com. 1W IN A 216.224.8.100
resp: nlookup(v.scenewhores.com) qtype=1
resp: found 'v.scenewhores.com' as 'v.scenewhores.com' (cname=0)
evSetTimer(ctx 0x80d2740, func 0x805aed8, uap 0, due 965197254.000000000, inter 0.000000000)
resp: forw -> [216.224.8.100].53 ds=5 nsid=28566 id=53786 19ms
evSelectFD(ctx 0x80d2740, fd 8, mask 0x1, func 0x8086e98, uap 0x40130008)
IP/TCP connection from [216.224.8.100].1466 (fd 8)
evDeselectFD(fd 8, mask 0x1)
evSelectFD(ctx 0x80d2740, fd 8, mask 0x1, func 0x8086e98, uap 0x40130090)
evDeselectFD(fd 8, mask 0x1)
update type 30: 6507 bytes is too much data

And this is when the DNS server went down. Any idea on what was the purpose of this? I've already upgraded to bind 2.5pre9. But I am sure he/she/they will be back.

BTW when I start the name server another high UDP port seems to be open, any idea why this is?